Does GSA SER leave me vulnerable to email hacks?
Since I started using GSA SER I have had a number of letters from my hosting company like this:
It has only been on websites where I'm using a POP3 address for GSA SER. No others.
My computer has been scanned by Malwarebytes Pro, SpyBot and NOD 32, no infections.
Can anyone offer me advice?
Thanks, John
It has come to our attention that messages sent from an account under
your control are being reported back as spam. Upon further investigation
it was determined that an email account under your control has been
exploited. It appears that your email password has been compromised
which allowed these messages to be sent. We have updated your
password(s) in order to prevent this from recurring. Please scan the PC
that uses this email address with an updated AV and Malware scanner to
ensure that the infection is removed. Please provide us with the details
of how your PC is scanned and secured. Please let us know if you have
any questions or if we can be of any further assistance to you.
Affected Email Account: geeser@ domain. com.au
New Email Password: xxxxxxxxx
New cPanel Password: xxxxxxxxx
Mail Log Parsed from Jul 21, 2014 23:30:33 to Jul 22, 2014 23:30:33
User sent approximately 306,767 messages to 290,617 unique recipients.
There were 99736 bounces on 240210 unique addresses, 32 percent of the emails sent.
Comments
Is there any way to get them barred after, say, 5 attempts?
Like you can get the Limit Login Attempts plugin for WordPress.
Vij - the email has been hacked. See it sent 300,000 emails? That's not GSA SER.
In WHM you can use cPHulk, which will ban an IP after x amount of failed login attempts (I chose 1 failed login attempt).
You can also use CSF firewall, which is a very handy thing. You will need to install that via SSH, then configure it. That's all pretty straightforward.
The last option I can think of in WHM is using host access control. You can really only use this if you are the only person that is supposed to access your server, or email. You basically whitelist your IP on the services you specify, then blacklist everyone else.
Now THAT'S the type of info I was looking for! Thanks for your help
The only thing left to ask is probably from Sven himself
I've been hosting hundreds of sites over 5 HG servers since 2004
Never has any email address been hacked like this
And it's only email accounts being used by GSA SER
Is there any possible link?
But anyhow, you have helped me mightily, heartfelt thanks!
Thanks again for your help, Dude
Good luck!
Like I said, I use host access control. No IP can log in to any cPanel account, or email, unless it is my IP. Only way around that is to know my IP and spoof the IP using Linux (and that might not even work, I have never tried).
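Added example (not from the thread, the host or GSA): the per-account figures the hosting letter reports, computed from a mail log, together with the source IPs that authenticated as the account, which is what separates sends from your own machine from sends by someone else holding the password. The log lines are constructed in a simplified Exim-style layout (an assumption), and `summarize`, `unexpected_ips` and all addresses are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, simplified Exim-mainlog-style layout (assumed format).
# "<=" = message accepted from an authenticated sender, "**" = delivery bounced.
# All IPs are from documentation ranges; 192.0.2.10 stands in for the owner's PC.
SAMPLE_LOG = """\
2014-07-22 01:00:01 1Xa-01 <= geeser@example.test H=pc [192.0.2.10] A=dovecot_login:geeser@example.test for verify@site-a.test
2014-07-22 02:10:11 1Xa-02 <= geeser@example.test H=x [203.0.113.7] A=dovecot_login:geeser@example.test for u1@r.test u2@r.test
2014-07-22 02:10:12 1Xa-02 ** u2@r.test R=lookuphost T=remote_smtp: 550 no such user
2014-07-22 02:10:15 1Xa-03 <= geeser@example.test H=y [198.51.100.23] A=dovecot_login:geeser@example.test for u3@r.test
2014-07-22 02:11:00 1Xa-04 <= other@example.test H=pc [192.0.2.10] A=dovecot_login:other@example.test for u4@r.test
2014-07-22 02:11:05 1Xa-03 ** u3@r.test R=lookuphost T=remote_smtp: 550 mailbox unavailable
"""

# date time msgid <= sender ... [ip] A=<authenticator>:<login> for <recipients>
ACCEPT = re.compile(r"^\S+ \S+ (\S+) <= \S+ .*?\[([0-9a-fA-F.:]+)\] A=\w+:(\S+) for (.+)$")
# date time msgid ** recipient ...
BOUNCE = re.compile(r"^\S+ \S+ (\S+) \*\* (\S+)")

def summarize(log_text, account):
    """Volume, unique recipients, bounce rate and source IPs for one login."""
    msg_ids, recipients, ips = set(), set(), Counter()
    sent = bounces = 0
    for line in log_text.splitlines():
        m = ACCEPT.match(line)
        if m and m.group(3) == account:
            rcpts = m.group(4).split()
            msg_ids.add(m.group(1))          # remember ids to attribute bounces
            recipients.update(rcpts)
            ips[m.group(2)] += len(rcpts)    # messages per authenticating IP
            sent += len(rcpts)
            continue
        b = BOUNCE.match(line)
        if b and b.group(1) in msg_ids:      # bounce of a message this login sent
            bounces += 1
    pct = round(100 * bounces / sent) if sent else 0
    return {"sent": sent, "unique_recipients": len(recipients),
            "bounces": bounces, "bounce_pct": pct, "source_ips": dict(ips)}

def unexpected_ips(summary, allowed_ips):
    """IPs that sent as the account but are not on the owner's allowlist."""
    return sorted(ip for ip in summary["source_ips"] if ip not in allowed_ips)

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG, "geeser@example.test")
    print(s)
    print("not on allowlist:", unexpected_ips(s, {"192.0.2.10"}))
```

If every sending IP is your own, the traffic came from your machine; any other IP means the credentials were used from elsewhere, which is the case the failed-login bans and host access control discussed above are meant to shut out.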